package com.sm.interceptor;

import com.sm.annotation.IgnoreAuth;
import com.sm.model.User;
import com.sm.service.UserService;
import com.sm.util.JsonUtil;
import com.sm.util.Msg;
import com.sm.util.TokenUtil;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Map;

/**
 * @author wangpengliang
 * Date 2020/5/14 9:48 上午
 * Copyright (C) www.lovesfang.com
 */
public class ApiInterceptor extends HandlerInterceptorAdapter {

    @Autowired
    private UserService userService;

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {

        //预加载请求@wang
        String method = request.getMethod();
        if ("options".equals(method.toLowerCase())) {
            //跨域请求
            response.setHeader("Access-Control-Allow-Origin", "*");                //@测试
            response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
            response.setHeader("Access-Control-Max-Age", "3600");
            response.setHeader("Access-Control-Allow-Headers", "Content-Type,Authorization,token,brand,brandmodel,osname,osversion,uuid,version,token");
            response.setHeader("Access-Control-Allow-Credentials", "true");
            return true;
        }

        //获取URL对应的方法上的注解,判断是否需要验证用户的存在与否
        HandlerMethod mathod = (HandlerMethod) handler;
        IgnoreAuth annotation = ((HandlerMethod) handler).getMethodAnnotation(IgnoreAuth.class);


        //加载跨域请求@wang
        response.setHeader("Access-Control-Allow-Origin", "*");
        response.setHeader("Access-Control-Allow-Methods", "*");
        response.setHeader("Access-Control-Max-Age", "3600");
        response.setHeader("Access-Control-Allow-Headers", "Content-Type,Authorization,token,brand,brandmodel,osname,osversion,uuid,version,token");
        response.setHeader("Access-Control-Allow-Credentials", "true");

        //如果有@IgnoreAuth注解，则不验证token
        if (annotation != null) {
            return true;
        }
        if (1 == 1) { //测试用
            return true;
        }


        if (request.getHeader("token") != null && !"".equals(request.getHeader("token"))) {
            String token = request.getHeader("token");

            if (token == null) {
                //token错误
                throwException(response,"token错误");
                return false;
            } else {
                User user = userService.selectByToken(token);
                if (user == null) {
                    //没有此用户
                    throwException(response,"无此用户");
                    return false;
                }
            }
        } else {
            throwException(response,"你还没有登录");
            return false;
        }
        return true;
    }

    private void throwException(HttpServletResponse response, String msg) throws IOException {
        Msg fail = Msg.fail();
        fail.setCode(233);
        fail.setMsg(msg);
        response.setCharacterEncoding("UTF-8");
        response.setContentType("application/json");
        response.getWriter().println(JsonUtil.objectToJson(fail));
        response.getWriter().flush();
    }

}

